Thorsten Glaser wrote:
> >ENTROPY_NEEDED is hardcoded to 32.
>
> Is that OpenSSL/Debian, OpenSSL/GNU/Linux, or OpenSSL in general,
> by the way? (While I’m not unfamiliar with the codebase, the one
> I’m using on BSD differs.)

It's like that in the upstream tarball AFAICS.

BTW, openssl(1) can be used to generate larger keys, so there must be sizes of keys where the 32 bytes is not enough entropy. Whether it makes any sense to make such a large key I don't know[1]. openssl(1) is certainly not doing anything to prevent foot-shooting here.

--
see shy jo

[1] Though at least making a larger than default size gpg key has been a good choice over the past 10-15 years in hindsight.